Hello,
we have a java app protected by the CAS client v 3.1. We want our logout
page "unprotected", with the rest of the content "protected".
Originally we just had the CAS client filters like so
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
But that meant that our logout.jsp was also CAS protected, which was not
what we wanted. (So I need to login to logout eh?)
We moved our app under /secure:
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
And we set up a welcome page pointing at /secure/index.jsp. But then, if we
access http://ourhost/ourapp/ the filters are not run as it appears that the
redirect to /secure/index.jsp is happening server side.
In order to get around this we created a /index.jsp implementing a 302
redirect to /secure/index.jsp and set our welcome page to this instead.
Is there a nicer way to deal with this? Can the filters be made to run for a
serverside-transfer to a filter protected resource? Can the welcome page
transfer be turned into a 302 instead?
Any ideas?
Thanks
Dale
--
View this message in context:
http://www.nabble.com/How-to-set-up-logout-page-in-the-Java-client-3.1-tp19447185p19447185.html
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
